2 matches found
Security Bulletin: IBM Content Navigator affected by reflected cross-site scripting issue <CVE-2014-8911>
Summary Reflected cross-site scripting issue using the "Accept-Language" header parameter affects IBM Content Navigator. Vulnerability Details CVEID: CVE-2014-8911 DESCRIPTION: IBM Content Navigator is vulnerable to reflected cross-site scripting, caused by improper validation of user supplied...
CVE-2014-8911
CVE-2014-8911 is a reflected XSS in IBM Content Navigator affecting 2.0.0–2.0.3 releases. The vulnerability arises from improper validation of the Accept-Language header, allowing remote attackers to inject arbitrary script or HTML and potentially steal cookies or hijack sessions. IBM’s advisory ...